Blogging about Royal TS/X, Royal Server and Royal Passwords

Microsoft’s March 13, 2018 updates and Royal TSX

Update March 14, 2018:
A new version of the FreeRDP plugin (V3.3.6) that fixes the issue is now available. You can install the update as usual via “Royal TSX – Check for Updates…”.

On March 13, 2018 Microsoft released updates for several Windows versions that include a fix for a security vulnerability in the Credential Security Support Provider protocol (CredSSP, also known as Network Level Authentication or NLA).
You can learn more about the vulnerability and associated patch here.

Unfortunately, the security update breaks compatibility with 3rd party Remote Desktop clients which use the open source library, FreeRDP. We’re already in touch with the FreeRDP developers and hope to have a fix available soon.
You can follow the developments on the FreeRDP project’s Github page.

Workarounds

Until a proper fix is available for FreeRDP, here are some workarounds to keep you connected to your remote systems:

Use Microsoft Remote Desktop
Microsoft’s own Mac RDP client doesn’t seem to be affected by the problem, so it’s probably your best bet until an update for Royal TSX is available. You can get it on the Mac App Store.

Uninstall the Windows update
Uninstalling the Windows update (or putting it into the “Absent” state) that contains the security patch will allow you to access the system using Royal TSX again.

Disable NLA
By disabling the requirement for NLA on the server side and forcing Royal TSX to connect with TLS encryption instead you can also work around the problem.
Here’s how to: